1 files changed, 32 insertions, 7 deletions

diff --git a/tests/auth_tests/test_basic.py b/tests/auth_tests/test_basic.py
index d7a7750b54..8d54e187fc 100644
--- a/tests/auth_tests/test_basic.py
+++ b/tests/auth_tests/test_basic.py
@@ -1,5 +1,3 @@
-from asgiref.sync import sync_to_async
-
 from django.conf import settings
 from django.contrib.auth import aget_user, get_user, get_user_model
 from django.contrib.auth.models import AnonymousUser, User
@@ -44,6 +42,12 @@ class BasicTestCase(TestCase):
         u2 = User.objects.create_user("testuser2", "test2@example.com")
         self.assertFalse(u2.has_usable_password())
 
+    async def test_acreate(self):
+        u = await User.objects.acreate_user("testuser", "test@example.com", "testpw")
+        self.assertTrue(u.has_usable_password())
+        self.assertFalse(await u.acheck_password("bad"))
+        self.assertTrue(await u.acheck_password("testpw"))
+
     def test_unicode_username(self):
         User.objects.create_user("jörg")
         User.objects.create_user("Григорий")
@@ -73,6 +77,15 @@ class BasicTestCase(TestCase):
         self.assertTrue(super.is_active)
         self.assertTrue(super.is_staff)
 
+    async def test_asuperuser(self):
+        "Check the creation and properties of a superuser"
+        super = await User.objects.acreate_superuser(
+            "super", "super@example.com", "super"
+        )
+        self.assertTrue(super.is_superuser)
+        self.assertTrue(super.is_active)
+        self.assertTrue(super.is_staff)
+
     def test_superuser_no_email_or_password(self):
         cases = [
             {},
@@ -171,13 +184,25 @@ class TestGetUser(TestCase):
             self.assertIsInstance(user, User)
             self.assertEqual(user.username, created_user.username)
 
-    async def test_aget_user(self):
-        created_user = await sync_to_async(User.objects.create_user)(
+    async def test_aget_user_fallback_secret(self):
+        created_user = await User.objects.acreate_user(
             "testuser", "test@example.com", "testpw"
         )
         await self.client.alogin(username="testuser", password="testpw")
         request = HttpRequest()
         request.session = await self.client.asession()
-        user = await aget_user(request)
-        self.assertIsInstance(user, User)
-        self.assertEqual(user.username, created_user.username)
+        prev_session_key = request.session.session_key
+        with override_settings(
+            SECRET_KEY="newsecret",
+            SECRET_KEY_FALLBACKS=[settings.SECRET_KEY],
+        ):
+            user = await aget_user(request)
+            self.assertIsInstance(user, User)
+            self.assertEqual(user.username, created_user.username)
+            self.assertNotEqual(request.session.session_key, prev_session_key)
+        # Remove the fallback secret.
+        # The session hash should be updated using the current secret.
+        with override_settings(SECRET_KEY="newsecret"):
+            user = await aget_user(request)
+            self.assertIsInstance(user, User)
+            self.assertEqual(user.username, created_user.username)